
I am running Windows XP SP2, Firefox 3.0, Zonealarm Free, Avira AntiVir and a Samsung Printer.
I have a cable internet connection through a router at my house. I am not sure whether another computer which is in the house is connected (or trying to connect?!?!?!) to my computer?

I have never received these warnings before and the only thing I did differently this morning was to give all Nero programs in the program list a green tick in the two columns - Access to trusted and Access to Internet. (I did NOT give them server access to trusted or internet).

Please help me!!! I am worried about this!!! The other computer I mentioned above is attempting to be cleaned from a trojan Win32.Agent.pz could it be that this is trying to infect my computer? How do I know if my computer has a connection with the other one? I only know we use a router for the cable internet connection and that the aforementioned computer is also connected via this connection.

Re: Zonealarm Security Warning

Port 445 is a netbios port (file sharing, printer, ics, etc.) and the 192.168.x.x IP is a private IP.
So what happened - one PC of your local area network tried to connect to the other PC - all on your own local area network. Not the Internet.
It was just a connection attempt and not an attack.

The ZA gave this alert because the other PC's IP is not entered as Trusted into the Zones and that other PC is perceived as being Internet (no open ports are allowed), not Trusted (will allow open ports).

Even if the other PC is in the middle of a cleanup, then connections from the other PC are still blocked by the ZA firewall.
You are still safe and secure.

More than likely some security scanner or event of the cleanup or reset/replacement of windows files triggered the outgoing connection from the infected PC.
This would probably be a normal event for that infected PC - trying to connect to the other devices of the local area network.
Most win32.agent trojans use regular http (port 80) or the mIRC/IRC ports or some weird port in the 10000-60000 range for the internet connections. Not port 445.
To be sure, why not check the firewall logs of the infected PC and see what application was attempting the outgoing connections across your LAN.
Checking those firewall logs will save you a lot of guessing or worrying.
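
Added example (not part of the original thread and not ZoneAlarm's own tooling): a sketch of the log check suggested in the reply above, grouping firewall log entries by program and by whether the peer is a private (RFC 1918) LAN address. The log layout, sample lines and function names are constructed for illustration; the field order has to be adapted to the firewall's real log format.

```python
import csv
import ipaddress
from collections import Counter
from io import StringIO

# RFC 1918 private ranges; 192.168.x.x, the range named in the thread, is the last.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
FILE_SHARING_PORTS = {137, 138, 139, 445}  # NetBIOS and SMB

# Constructed sample log (hypothetical layout, not a real product's format):
# direction,timestamp,source,destination,protocol,program
SAMPLE_LOG = """\
OUT,2008-07-01 09:14:02,192.168.1.3:1045,192.168.1.2:445,TCP,oodag.exe
OUT,2008-07-01 09:14:07,192.168.1.3:1046,192.168.1.2:445,TCP,oodag.exe
OUT,2008-07-01 09:16:11,192.168.1.3:1051,192.168.1.1:53,UDP,svchost.exe
OUT,2008-07-01 09:18:40,192.168.1.3:1060,203.0.113.25:80,TCP,firefox.exe
IN,2008-07-01 09:20:05,198.51.100.7:4312,192.168.1.3:445,TCP,
"""

def endpoint(text):
    """Split 'ip:port' into (IPv4Address, int)."""
    host, _, port = text.rpartition(":")
    return ipaddress.ip_address(host), int(port)

def is_lan(ip):
    return any(ip in net for net in PRIVATE_NETS)

def triage(log_text):
    """Count entries per (direction, program, peer scope, destination port)."""
    counts = Counter()
    for row in csv.reader(StringIO(log_text)):
        if len(row) != 6:
            continue  # skip blank or malformed lines
        direction, _when, src, dst, _proto, program = row
        src_ip, _ = endpoint(src)
        dst_ip, dst_port = endpoint(dst)
        peer = dst_ip if direction == "OUT" else src_ip  # the other machine
        scope = "LAN" if is_lan(peer) else "Internet"
        counts[(direction, program or "(none)", scope, dst_port)] += 1
    return counts

def lan_file_sharing(counts):
    """Programs that opened outgoing file-sharing connections to LAN peers."""
    return {prog: n for (d, prog, scope, port), n in counts.items()
            if d == "OUT" and scope == "LAN" and port in FILE_SHARING_PORTS}

def internet_peers(counts):
    """Entries whose peer is outside the private ranges, for a closer look."""
    return sorted(key for key in counts if key[2] == "Internet")

if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    print(lan_file_sharing(summary), internet_peers(summary))
```
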

Re: Zonealarm Security Warning

You obviously do not have the other PC's IP entered as Trusted in the ZA.
Trusted Security slider set at medium will allow open ports to the Trusted IPs.
(before you get upset, the dns and dhcp IP should be set as Trusted in the Zones - these IPs need to have the ZA accept unsolicited incoming connections from the dns and the dhcp and directly to the correct applications involved in the events).

I think after some googling that oodag.exe is a defragmentation program on my computer. In the program settings section of zonealarm all o&o files have the four options set to ask (ie. access and server areas are all set to ask).

What should I do? Should I raise the bar in 'protection - middle' to trusted?

Should I tick the box on the continuous warnings - 'Don't show this warning again' and effectively ignore them?

Should I uninstall the O&O defrag program?

When I loaded O&O up just then it asks for a registration code as 30 days trial free has expired. Do you think this is the cause of all the problems?

Thank you so much for your time and assistance, I look forward to your next advice.


First, instead of spending time and effort with search engines, why not right click the file in question and open the Properties and have a look at the time/date of install, the file's other names and the file's vendor & product name and look at the certificates for the file. A lot easier and faster and much more accurate.

Why are you suddenly scared of 0.0.0.0 address... this 0.0.0.0 is very commonplace and absolutely secure... these addresses refer to source hosts on network or as a source of the localhost.
Or in other words strictly for the localhost addressing and for connecting ONLY to your local area network. Not the internet as would be the case with a trojan.
Really this is absolutely nothing to be concerned about.
This happens all the time with many other applications and will continue to happen, but it is probably the first time this has come to your attention. Go back to ignoring it.

As I said before the port connection was dropped anyways, so why all this fuss???

Do not increase the Trusted Security slider unless you are prepared to make Expert Rules to now compensate for the blocked (& needed connections) incoming from the dhcp and the dns and other related servers. If you set up the firewall with expert rules, then sure go ahead and increase the security level. If no rules are getting set up, then leave this up to the ZA and let the ZA do this automatically for you.
It does seem the ZA has been doing the job perfectly for you so far.

If the O&O trial has expired, then why not uninstall it or just buy it?
If the defragger is able to do networked drives, it more than likely will defrag networked drives - does that now make sense as to why a safe and secure (albeit expired) trial wants to connect to other networked devices??? Maybe it is trying to find other network drives to defrag? If you just loaded the O&O, does it not stand to reason it will then search for network drives and do activation of files / injections on the host PC?
Next time do not load the O&O or just uninstall it or buy it (if it's any good and you want to spend monies on a defragger). The problem will get solved that way.

Just relax, stay calm and clean the other infected PC.
I cannot see anything wrong except unwarranted worrying, unfounded doubts and unnecessary fears.

Yes ignore the ZA alerts or set the alerts to not show this warning again.

Re: Zonealarm Security Warning

You are welcome ZA_Avastfan

It is good to be concerned, but always looking for the unusual events can be misleading at times (even though malware could be that unusual event).

The hard part is not knowing what is correct and acceptable and what is not.
We have all been there and some of us have never forgotten that state of confusion.
The knowledge only comes from experience and constant learning.
Once the basics of the networking and internet are better understood, then the firewalls, logs and servers all fall into place.
And so will a lot of understanding of security fall into place with that new learning.